4 matches found
CVE-2020-7609
node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON" can be controlled by users without any sanitization...
@fanatic/oracle (>=1.0.0 <=1.3.0), @ghg/amplifier (>=0.0.2 <=0.5.7) +8 more potentially affected by CVE-2020-7609 via node-rules (>=3.2.0 <=4.0.2)
node-rules NPM version =3.2.0, =1.0.0, =0.0.2, =0.0.2, =0.0.13, =0.0.1, =0.0.1, =0.2.7, =0.2.2, =0.2.3 Source cves: CVE-2020-7609 Source advisory: OSV:GHSA-F78F-353M-CF4J...
CVE-2020-7609
CVE-2020-7609 affects the node-rules JavaScript engine. The vulnerability arises because the rules in function "fromJSON()" can be controlled by users without sanitization, enabling injection of arbitrary commands and potentially OS command execution. Affected range is described as 3.0.0 up to be...
@fanatic/oracle (>=1.0.0 <=1.3.0), @ghg/amplifier (>=0.0.2 <=0.5.7) +8 more potentially affected by CVE-2020-7609 via node-rules (>=3.2.0 <=4.0.2)
node-rules NPM version =3.2.0, =1.0.0, =0.0.2, =0.0.2, =0.0.13, =0.0.1, =0.0.1, =0.2.7, =0.2.2, =0.2.3 Source cves: CVE-2020-7609 Source advisory: SNYK:JS-NODERULES-560426...